CVE-2020-0758

Опубликовано: 12 мар. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 6

EPSS Низкий

Описание

An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka 'Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0815.

Ссылки

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0758
Patch
Vendor Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0758
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:microsoft:team_foundation_server:2017:update3.1:*:*:*:*:*:*

cpe:2.3:a:microsoft:team_foundation_server:2018:update1.2:*:*:*:*:*:*

cpe:2.3:a:microsoft:team_foundation_server:2018:update3.2:*:*:*:*:*:*

cpe:2.3:o:microsoft:azure_devops_server:2019:update1:*:*:*:*:*:*

cpe:2.3:o:microsoft:azure_devops_server:2019:update1.1:*:*:*:*:*:*

cpe:2.3:o:microsoft:azure_devops_server:2019.0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 90%

0.05427

Низкий

7.5 High

CVSS3

6 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2020-0758

msrc

почти 6 лет назад

Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability

GHSA-f545-q9v5-fj94

github

больше 3 лет назад

BDU:2020-01143